phpCOIN vulnerability fix

phpCOIN is the software used by BryteNet hosting to manage orders, invoicing and the helpdesk.

On Tuesday a vulnerability was discovered that allows attackers to execute remote code on the server.

When a fix was published I immediately installed it on the server, but the site had already been hacked. To make matters worse, the fix files contained errors, which meant that phpCOIN did not produce any output.

My server error log showed me where the errors were, and by adding some parentheses I could fix my site.

The official fix files are now three days old, and still contain these errors. More and more people are running into this problem and asking for working files, so I uploaded my fixed files for download.

Note that the original fix file contains more files, so you need to install those files first and then overwrite the three files with errors with my copies.

[Update 2005/12/19]: The official fix files have been updated, so my files are no longer necessary.

Jeroen Sangers @jeroensangers

